Re: Weak encryption keys

2021-03-24 Thread jsmith9810--- via Gnupg-users
> Sent: Tuesday, March 23, 2021 at 9:44 AM > From: "Ingo Klöcker" > > It's defined in the separate libgpg-error library. It corresponds to the > symbol GPG_ERR_WEAK_KEY. This symbol occurs in libgcrypt (the low-level > crypto > library of GnuPG), e.g. in blowfish.c, and in gnupg. > Okay, I t

Re: Weak encryption keys

2021-03-24 Thread Vincent Pelletier via Gnupg-users
On Tue, 23 Mar 2021 20:20:02 -0500, Jacob Bachmeyer wrote: > There are two keys involved here: a PGP private key that is stored > encrypted under a symmetric key. It appears that that symmetric key has > been found to be weak. If an attacker can obtain the encrypted blob and > crack the symm

Re: Weak encryption keys

2021-03-23 Thread Jacob Bachmeyer via Gnupg-users
Vincent Pelletier wrote: On Mon, 22 Mar 2021 17:32:14 -0500, Jacob Bachmeyer via Gnupg-users wrote: The difference is that you *know* an unencrypted key is lying around at risk of compromise, and you knowingly chose to take that risk when you chose to store the key unencrypted. Pard

Re: Weak encryption keys

2021-03-23 Thread Vincent Pelletier via Gnupg-users
On Mon, 22 Mar 2021 17:32:14 -0500, Jacob Bachmeyer via Gnupg-users wrote: > The difference is that you *know* an unencrypted key is lying around at > risk of compromise, and you knowingly chose to take that risk when you > chose to store the key unencrypted. Pardon my non-gpg-familiarity, but

Re: Weak encryption keys

2021-03-23 Thread joefresh--- via Gnupg-users
> Interestingly, when I tried searching the latest GnuPG code base (cloned from > github) > for the "Weak encryption key" error message, nothing showed up. > > $ "grep -iRl "Weak encryption key" gnupg > > It appears that the problem lies in libgcrypt, which refuses to set a key for this cipher

Re: Weak encryption keys

2021-03-23 Thread Ingo Klöcker
On Tuesday, 23 March 2021 14:31:00 CET jsmith9810--- via Gnupg-users wrote: > Interestingly, when I tried searching the latest GnuPG code base (cloned > from github) for the "Weak encryption key" error message, nothing showed > up. > > $ "grep -iRl "Weak encryption key" gnupg > It's defined in

Re: Weak encryption keys

2021-03-23 Thread jsmith9810--- via Gnupg-users
> > I try to import this key manually (--import), gpg throws a "weak > > encryption key" error and refuses to import it. ...which I find > > Can you please paste the exact error message and the output of > "gpgconf --show-versions"? > > > Shalom-Salam, > >Werner > Sure. My gpgconf doesn't seem

Re: Weak encryption keys

2021-03-23 Thread Werner Koch via Gnupg-users
On Mon, 22 Mar 2021 17:43, jsmith9810--- said: > I try to import this key manually (--import), gpg throws a "weak > encryption key" error and refuses to import it. ...which I find Can you please paste the exact error message and the output of "gpgconf --show-versions"? Shalom-Salam, Werner

Re: Weak encryption keys

2021-03-23 Thread Bernhard Reiter
On Monday, 22 March 2021 23:32:14, Jacob Bachmeyer via Gnupg-users wrote: > I am assuming that there is some more severe problem with OpenPGP > Blowfish key wrapping, since the situation you describe would not > warrant the measures GPG has taken. Not knowing details about this one: Sometimes stuff g

Re: Weak encryption keys

2021-03-22 Thread Jacob Bachmeyer via Gnupg-users
jsmith9...@gmx.com wrote: [...] A private key protected by weak blowfish cipher is by no means more at risk compared to an unencrypted key, which GnuPG has no problem with. The difference is that you *know* an unencrypted key is lying around at risk of compromise, and you knowingly chose

Re: Weak encryption keys

2021-03-22 Thread jsmith9810--- via Gnupg-users
> The problem is that a private key protected by a weak cipher is still > potentially compromised if an attacker can get any copy of the key prior > to migrating it to a stronger cipher. In other words, if an attacker is > able to obtain your current key blob, the attacker can still compromise > y

Re: Weak encryption keys

2021-03-22 Thread Jacob Bachmeyer via Gnupg-users
jsmith9810--- via Gnupg-users wrote: Hello all, I have a private key protected by blowfish cipher that despite a random salt and several rounds of RIPEMD160 iterations is still considered "weak" by GnuPG and it refuses to do anything with it. When I try to import this key manually (--import),